Skip to content

chore(deps): bump the github-actions group across 1 directory with 16 updates#132

Open
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/github_actions/github-actions-80489016d5
Open

chore(deps): bump the github-actions group across 1 directory with 16 updates#132
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/github_actions/github-actions-80489016d5

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Mar 9, 2026
edited
Loading

Bumps the github-actions group with 16 updates in the / directory:

Package From To
docker/setup-buildx-action 3 4
docker/build-push-action 6 7
actions/upload-artifact 6 7
actions/download-artifact 7 8
actions/setup-node 4 6
actions/setup-python 5 6
actions/cache 4 5
sigstore/cosign-installer 3.7.0 4.0.0
oxsecurity/megalinter 9.2.0 9.4.0
docker/setup-qemu-action 3 4
aquasecurity/trivy-action 0.33.1 0.35.0
docker/login-action 3 4
docker/metadata-action 5 6
actions/attest-build-provenance 3 4
lewagon/wait-on-check-action 1.4.1 1.5.0
dawidd6/action-download-artifact 11 16

Updates docker/setup-buildx-action from 3 to 4

Release notes

Sourced from docker/setup-buildx-action's releases.

v4.0.0

Full Changelog: docker/setup-buildx-action@v3.12.0...v4.0.0

v3.12.0

Full Changelog: docker/setup-buildx-action@v3.11.1...v3.12.0

v3.11.1

Full Changelog: docker/setup-buildx-action@v3.11.0...v3.11.1

v3.11.0

Full Changelog: docker/setup-buildx-action@v3.10.0...v3.11.0

v3.10.0

Full Changelog: docker/setup-buildx-action@v3.9.0...v3.10.0

v3.9.0

Full Changelog: docker/setup-buildx-action@v3.8.0...v3.9.0

v3.8.0

Full Changelog: docker/setup-buildx-action@v3.7.1...v3.8.0

... (truncated)

Commits
  • 4d04d5d Merge pull request #485 from docker/dependabot/npm_and_yarn/docker/actions-to...
  • cd74e05 chore: update generated content
  • eee38ec build(deps): bump @​docker/actions-toolkit from 0.77.0 to 0.79.0
  • 7a83f65 Merge pull request #484 from docker/dependabot/github_actions/docker/setup-qe...
  • a5aa967 Merge pull request #464 from crazy-max/rm-deprecated
  • e73d53f build(deps): bump docker/setup-qemu-action from 3 to 4
  • 28a438e Merge pull request #483 from crazy-max/node24
  • 034e9d3 chore: update generated content
  • b4664d8 remove deprecated inputs/outputs
  • a8257de node 24 as default runtime
  • Additional commits viewable in compare view

Updates docker/build-push-action from 6 to 7

Release notes

Sourced from docker/build-push-action's releases.

v7.0.0

Full Changelog: docker/build-push-action@v6.19.2...v7.0.0

v6.19.2

Full Changelog: docker/build-push-action@v6.19.1...v6.19.2

v6.19.1

Full Changelog: docker/build-push-action@v6.19.0...v6.19.1

v6.19.0

Full Changelog: docker/build-push-action@v6.18.0...v6.19.0

v6.18.0

[!NOTE] Build summary is now supported with Docker Build Cloud.

Full Changelog: docker/build-push-action@v6.17.0...v6.18.0

v6.17.0

[!NOTE] Build record is now exported using the buildx history export command instead of the legacy export-build tool.

Full Changelog: docker/build-push-action@v6.16.0...v6.17.0

v6.16.0

... (truncated)

Commits
  • d08e5c3 Merge pull request #1479 from docker/dependabot/npm_and_yarn/docker/actions-t...
  • cbd2dff chore: update generated content
  • f76f51f chore(deps): Bump @​docker/actions-toolkit from 0.78.0 to 0.79.0
  • 7d03e66 Merge pull request #1473 from crazy-max/rm-deprecated-envs
  • 98f853d chore: update generated content
  • cadccf6 remove deprecated envs
  • 03fe877 Merge pull request #1478 from docker/dependabot/github_actions/docker/setup-b...
  • 827e366 chore(deps): Bump docker/setup-buildx-action from 3 to 4
  • e25db87 Merge pull request #1474 from crazy-max/rm-export-build-tool
  • 1ac2573 Merge pull request #1470 from crazy-max/node24
  • Additional commits viewable in compare view

Updates actions/upload-artifact from 6 to 7

Release notes

Sourced from actions/upload-artifact's releases.

v7.0.0

v7 What's new

Direct Uploads

Adds support for uploading single files directly (unzipped). Callers can set the new archive parameter to false to skip zipping the file during upload. Right now, we only support single files. The action will fail if the glob passed resolves to multiple files. The name parameter is also ignored with this setting. Instead, the name of the artifact will be the name of the uploaded file.

ESM

To support new versions of the @actions/* packages, we've upgraded the package to ESM.

What's Changed

New Contributors

Full Changelog: actions/upload-artifact@v6...v7.0.0

Commits

Updates actions/download-artifact from 7 to 8

Release notes

Sourced from actions/download-artifact's releases.

v8.0.0

v8 - What's new

Direct downloads

To support direct uploads in actions/upload-artifact, the action will no longer attempt to unzip all downloaded files. Instead, the action checks the Content-Type header ahead of unzipping and skips non-zipped files. Callers wishing to download a zipped file as-is can also set the new skip-decompress parameter to false.

Enforced checks (breaking)

A previous release introduced digest checks on the download. If a download hash didn't match the expected hash from the server, the action would log a warning. Callers can now configure the behavior on mismatch with the digest-mismatch parameter. To be secure by default, we are now defaulting the behavior to error which will fail the workflow run.

ESM

To support new versions of the @actions/* packages, we've upgraded the package to ESM.

What's Changed

Full Changelog: actions/download-artifact@v7...v8.0.0

Commits
  • 70fc10c Merge pull request #461 from actions/danwkennedy/digest-mismatch-behavior
  • f258da9 Add change docs
  • ccc058e Fix linting issues
  • bd7976b Add a setting to specify what to do on hash mismatch and default it to error
  • ac21fcf Merge pull request #460 from actions/danwkennedy/download-no-unzip
  • 15999bf Add note about package bumps
  • 974686e Bump the version to v8 and add release notes
  • fbe48b1 Update test names to make it clearer what they do
  • 96bf374 One more test fix
  • b8c4819 Fix skip decompress test
  • Additional commits viewable in compare view

Updates actions/setup-node from 4 to 6

Release notes

Sourced from actions/setup-node's releases.

v6.0.0

What's Changed

Breaking Changes

Dependency Upgrades

Full Changelog: actions/setup-node@v5...v6.0.0

v5.0.0

What's Changed

Breaking Changes

This update, introduces automatic caching when a valid packageManager field is present in your package.json. This aims to improve workflow performance and make dependency management more seamless. To disable this automatic caching, set package-manager-cache: false

steps: - uses: actions/checkout@v5 - uses: actions/setup-node@v5 with: package-manager-cache: false

Make sure your runner is on version v2.327.1 or later to ensure compatibility with this release. See Release Notes

Dependency Upgrades

New Contributors

Full Changelog: actions/setup-node@v4...v5.0.0

v4.4.0

... (truncated)

Commits

Updates actions/setup-python from 5 to 6

Release notes

Sourced from actions/setup-python's releases.

v6.0.0

What's Changed

Breaking Changes

Make sure your runner is on version v2.327.1 or later to ensure compatibility with this release. See Release Notes

Enhancements:

Bug fixes:

Dependency updates:

New Contributors

Full Changelog: actions/setup-python@v5...v6.0.0

v5.6.0

What's Changed

Full Changelog: actions/setup-python@v5...v5.6.0

v5.5.0

What's Changed

Enhancements:

Bug fixes:

... (truncated)

Commits
  • a309ff8 Bump urllib3 from 2.6.0 to 2.6.3 in /tests/data (#1264)
  • bfe8cc5 Upgrade @​actions dependencies to Node 24 compatible versions (#1259)
  • 4f41a90 Bump urllib3 from 2.5.0 to 2.6.0 in /tests/data (#1253)
  • 83679a8 Bump @​types/node from 24.1.0 to 24.9.1 and update macos-13 to macos-15-intel ...
  • bfc4944 Bump prettier from 3.5.3 to 3.6.2 (#1234)
  • 97aeb3e Bump requests from 2.32.2 to 2.32.4 in /tests/data (#1130)
  • 443da59 Bump actions/publish-action from 0.3.0 to 0.4.0 & Documentation update for pi...
  • cfd55ca graalpy: add graalpy early-access and windows builds (#880)
  • bba65e5 Bump typescript from 5.4.2 to 5.9.3 and update docs/advanced-usage.md (#1094)
  • 18566f8 Improve wording and "fix example" (remove 3.13) on testing against pre-releas...
  • Additional commits viewable in compare view

Updates actions/cache from 4 to 5

Release notes

Sourced from actions/cache's releases.

v5.0.0

[!IMPORTANT] actions/cache@v5 runs on the Node.js 24 runtime and requires a minimum Actions Runner version of 2.327.1.

If you are using self-hosted runners, ensure they are updated before upgrading.

What's Changed

Full Changelog: actions/cache@v4.3.0...v5.0.0

v4.3.0

What's Changed

New Contributors

Full Changelog: actions/cache@v4...v4.3.0

v4.2.4

What's Changed

New Contributors

Full Changelog: actions/cache@v4...v4.2.4

v4.2.3

What's Changed

  • Update to use @​actions/cache 4.0.3 package & prepare for new release by @​salmanmkc in actions/cache#1577 (SAS tokens for cache entries are now masked in debug logs)

New Contributors

Full Changelog: actions/cache@v4.2.2...v4.2.3

... (truncated)

Changelog

Sourced from actions/cache's changelog.

Releases

How to prepare a release

[!NOTE]
Relevant for maintainers with write access only.

  1. Switch to a new branch from main.
  2. Run npm test to ensure all tests are passing.
  3. Update the version in https://github.com/actions/cache/blob/main/package.json.
  4. Run npm run build to update the compiled files.
  5. Update this https://github.com/actions/cache/blob/main/RELEASES.md with the new version and changes in the ## Changelog section.
  6. Run licensed cache to update the license report.
  7. Run licensed status and resolve any warnings by updating the https://github.com/actions/cache/blob/main/.licensed.yml file with the exceptions.
  8. Commit your changes and push your branch upstream.
  9. Open a pull request against main and get it reviewed and merged.
  10. Draft a new release https://github.com/actions/cache/releases use the same version number used in package.json
    1. Create a new tag with the version number.
    2. Auto generate release notes and update them to match the changes you made in RELEASES.md.
    3. Toggle the set as the latest release option.
    4. Publish the release.
  11. Navigate to https://github.com/actions/cache/actions/workflows/release-new-action-version.yml
    1. There should be a workflow run queued with the same version number.
    2. Approve the run to publish the new version and update the major tags for this action.

Changelog

5.0.3

5.0.2

  • Bump @actions/cache to v5.0.3 #1692

5.0.1

  • Update @azure/storage-blob to ^12.29.1 via @actions/cache@5.0.1 #1685

5.0.0

[!IMPORTANT] actions/cache@v5 runs on the Node.js 24 runtime and requires a minimum Actions Runner version of 2.327.1. If you are using self-hosted runners, ensure they are updated before upgrading.

4.3.0

  • Bump @actions/cache to v4.1.0

... (truncated)

Commits

Updates sigstore/cosign-installer from 3.7.0 to 4.0.0

Release notes

Sourced from sigstore/cosign-installer's releases.

v4.0.0

What's Changed?

Note: You must upgrade to cosign-installer v4 if you want to install Cosign v3+. You may still install Cosign v2.x with cosign-installer v4.

In version v3+, using cosign sign-blob requires adding the --bundle flag which may require you to update your signing command.

  • Add support for Cosign v3 releases (#201)

v3.10.1

What's Changed?

Note: cosign-installer v3.x cannot be used to install Cosign v3.x. You must upgrade to cosign-installer v4 in order to use Cosign v3.

Note: This is planned to be the final release of Cosign v2, though we will cut new releases for any critical security or bug fixes. We recommend transitioning to Cosign v3.

  • Bump default Cosign to v2.6.1 (#203)

v3.10.0

What's Changed

Full Changelog: sigstore/cosign-installer@v3.9.2...v3.10.0

v3.9.2

What's Changed

Full Changelog: sigstore/cosign-installer@v3.9.1...v3.9.2

v3.9.1

What's Changed

Full Changelog: sigstore/cosign-installer@v3.9.0...v3.9.1

v3.9.0

What's Changed

Full Changelog: sigstore/cosign-installer@v3...v3.9.0

v3.8.2

... (truncated)

Commits

Updates oxsecurity/megalinter from 9.2.0 to 9.4.0

Release notes

Sourced from oxsecurity/megalinter's releases.

v9.4.0

What's Changed

  • Core

    • Improve files browsing performances (2 PRs)
    • Optimize parallel linter processing and improve grouping logic
    • Improve performance of listing .gitignored files by sending excluded directories to git ls-files
    • If there are more than 500 .gitignored files, advise to add more excluded directories using variable ADDITIONAL_EXCLUDED_DIRECTORIES, to improve performances
    • Reduce redundant config lookups, environment copies, and dict rebuilds across config, linter, and utils modules
    • Cache subprocess environment per linter run and excluded directories per request
    • Optimize parallel linter result update from O(nΒ²) to O(n)
    • Add support in the build of Docker images for linux/arm64 in compatible linters

  • New linters

  • Disabled linters

  • Linters enhancements

    • Use the official checkmake image by @​bdovaz
    • Spectral: Add sarif support to spectral by @​bdovaz
    • Spectral: Change cli_lint_mode to list_of_files to improve performances

  • Fixes

    • Add support for SSH remote origins when building custom flavors (fixes: #6511)
    • Fix issue with plugins ignored when FLAVOR_SUGGESTIONS=false
    • Fix wrong tagging apply_fixes=True when linter has no fix options configured
    • Python mypy: Remove .ipynb from file extensions (mypy doesn't support notebooks directly) - fixes #6904
    • Fix operator precedence bug in pre_post_factory pre/post command logic
    • Fix file handle leak in GitleaksLinter
    • Fix variable name bug in utils.get_git_context_info
    • Minor fixes in logger, SqlFluffLinter, PowershellLinter, TrivyLinter

  • Reporters

    • Add a link inviting to star MegaLinter
    • Display in the console reporter the working directory from which the commands are executed by @​bdovaz
    • Update WebHook reporter so it can send more events for a better integration with UI
    • When truncating long comments in markdown reports, keep the end of the text instead of the beginning (which usually contains less useful information)
    • In case GitHub Api returns 500, do not make the whole MegaLinter fail, display a warning instead
    • Azure Reporter: Use Azure DevOps Services REST API instead of unmaintained python wrapper lib

  • Flavors

    • Custom flavor builder:
      • Add support for SSH remotes
      • Allow selection of platforms to build the custom flavor on (ex: linux/amd64, linux/arm64) and build compatible linters on these platforms
      • Build & release custom flavor builder image for linux/arm64

  • Doc

    • JSON Schema: Add default values for file extensions and file names variables + improve descriptions

... (truncated)

Changelog

Sourced from oxsecurity/megalinter's changelog.

[v9.4.0] - 2026-02-28

  • Core

    • Improve files browsing performances (2 PRs)
    • Optimize parallel linter processing and improve grouping logic
    • Improve performance of listing .gitignored files by sending excluded directories to git ls-files
    • If there are more than 500 .gitignored files, advise to add more excluded directories using variable ADDITIONAL_EXCLUDED_DIRECTORIES, to improve performances
    • Reduce redundant config lookups, environment copies, and dict rebuilds across config, linter, and utils modules
    • Cache subprocess environment per linter run and excluded directories per request
    • Optimize parallel linter result update from O(nΒ²) to O(n)
    • Add support in the build of Docker images for linux/arm64 in compatible linters

  • New linters
@dependabot
chore(deps): bump the github-actions group across 1 directory with 16…
3d58929 
… updates Bumps the github-actions group with 16 updates in the / directory: | Package | From | To | | --- | --- | --- | | [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) | `3` | `4` | | [docker/build-push-action](https://github.com/docker/build-push-action) | `6` | `7` | | [actions/upload-artifact](https://github.com/actions/upload-artifact) | `6` | `7` | | [actions/download-artifact](https://github.com/actions/download-artifact) | `7` | `8` | | [actions/setup-node](https://github.com/actions/setup-node) | `4` | `6` | | [actions/setup-python](https://github.com/actions/setup-python) | `5` | `6` | | [actions/cache](https://github.com/actions/cache) | `4` | `5` | | [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) | `3.7.0` | `4.0.0` | | [oxsecurity/megalinter](https://github.com/oxsecurity/megalinter) | `9.2.0` | `9.4.0` | | [docker/setup-qemu-action](https://github.com/docker/setup-qemu-action) | `3` | `4` | | [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) | `0.33.1` | `0.35.0` | | [docker/login-action](https://github.com/docker/login-action) | `3` | `4` | | [docker/metadata-action](https://github.com/docker/metadata-action) | `5` | `6` | | [actions/attest-build-provenance](https://github.com/actions/attest-build-provenance) | `3` | `4` | | [lewagon/wait-on-check-action](https://github.com/lewagon/wait-on-check-action) | `1.4.1` | `1.5.0` | | [dawidd6/action-download-artifact](https://github.com/dawidd6/action-download-artifact) | `11` | `16` | Updates `docker/setup-buildx-action` from 3 to 4 - [Release notes](https://github.com/docker/setup-buildx-action/releases) - [Commits](docker/setup-buildx-action@v3...v4) Updates `docker/build-push-action` from 6 to 7 - [Release notes](https://github.com/docker/build-push-action/releases) - [Commits](docker/build-push-action@v6...v7) Updates `actions/upload-artifact` from 6 to 7 - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](actions/upload-artifact@v6...v7) Updates `actions/download-artifact` from 7 to 8 - [Release notes](https://github.com/actions/download-artifact/releases) - [Commits](actions/download-artifact@v7...v8) Updates `actions/setup-node` from 4 to 6 - [Release notes](https://github.com/actions/setup-node/releases) - [Commits](actions/setup-node@v4...v6) Updates `actions/setup-python` from 5 to 6 - [Release notes](https://github.com/actions/setup-python/releases) - [Commits](actions/setup-python@v5...v6) Updates `actions/cache` from 4 to 5 - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](actions/cache@v4...v5) Updates `sigstore/cosign-installer` from 3.7.0 to 4.0.0 - [Release notes](https://github.com/sigstore/cosign-installer/releases) - [Commits](sigstore/cosign-installer@v3.7.0...v4.0.0) Updates `oxsecurity/megalinter` from 9.2.0 to 9.4.0 - [Release notes](https://github.com/oxsecurity/megalinter/releases) - [Changelog](https://github.com/oxsecurity/megalinter/blob/main/CHANGELOG.md) - [Commits](oxsecurity/megalinter@v9.2.0...v9.4.0) Updates `docker/setup-qemu-action` from 3 to 4 - [Release notes](https://github.com/docker/setup-qemu-action/releases) - [Commits](docker/setup-qemu-action@v3...v4) Updates `aquasecurity/trivy-action` from 0.33.1 to 0.35.0 - [Release notes](https://github.com/aquasecurity/trivy-action/releases) - [Commits](aquasecurity/trivy-action@0.33.1...0.35.0) Updates `docker/login-action` from 3 to 4 - [Release notes](https://github.com/docker/login-action/releases) - [Commits](docker/login-action@v3...v4) Updates `docker/metadata-action` from 5 to 6 - [Release notes](https://github.com/docker/metadata-action/releases) - [Commits](docker/metadata-action@v5...v6) Updates `actions/attest-build-provenance` from 3 to 4 - [Release notes](https://github.com/actions/attest-build-provenance/releases) - [Changelog](https://github.com/actions/attest-build-provenance/blob/main/RELEASE.md) - [Commits](actions/attest-build-provenance@v3...v4) Updates `lewagon/wait-on-check-action` from 1.4.1 to 1.5.0 - [Release notes](https://github.com/lewagon/wait-on-check-action/releases) - [Changelog](https://github.com/lewagon/wait-on-check-action/blob/master/CHANGELOG.md) - [Commits](lewagon/wait-on-check-action@v1.4.1...v1.5.0) Updates `dawidd6/action-download-artifact` from 11 to 16 - [Release notes](https://github.com/dawidd6/action-download-artifact/releases) - [Commits](dawidd6/action-download-artifact@v11...v16) --- updated-dependencies: - dependency-name: docker/setup-buildx-action dependency-version: '4' dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: docker/build-push-action dependency-version: '7' dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: actions/upload-artifact dependency-version: '7' dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: actions/download-artifact dependency-version: '8' dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: actions/setup-node dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: actions/setup-python dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: actions/cache dependency-version: '5' dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: sigstore/cosign-installer dependency-version: 4.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: oxsecurity/megalinter dependency-version: 9.4.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: docker/setup-qemu-action dependency-version: '4' dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: aquasecurity/trivy-action dependency-version: 0.35.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: docker/login-action dependency-version: '4' dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: docker/metadata-action dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: actions/attest-build-provenance dependency-version: '4' dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: lewagon/wait-on-check-action dependency-version: 1.5.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: dawidd6/action-download-artifact dependency-version: '16' dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions ... Signed-off-by: dependabot[bot] <support@github.com>
@dependabot @github
Copy link
Contributor Author

dependabot bot commented on behalf of github Mar 9, 2026

Labels

The following labels could not be found: automation, dependencies, github-actions. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.
@dependabot dependabot bot requested a review from szmyty as a code owner March 9, 2026 09:39
@github-actions
Copy link
Contributor

github-actions bot commented Mar 9, 2026

❌MegaLinter analysis: Error

Descriptor Linter Files Fixed Errors Warnings Elapsed time
❌ ACTION actionlint 19 16 0 1.39s
❌ ANSIBLE ansible-lint yes 214 no 13.67s
βœ… BASH bash-exec 18 0 0 0.11s
❌ BASH shellcheck 18 9 0 1.02s
❌ BASH shfmt 18 15 0 0.09s
βœ… CLOJURE cljstyle 1 0 0 0.02s
❌ CLOJURE clj-kondo 1 1 0 0.03s
❌ CLOUDFORMATION cfn-lint 1 1 0 9.98s
❌ COPYPASTE jscpd yes 58 no 6.09s
❌ DOCKERFILE hadolint 5 5 0 1.94s
❌ EDITORCONFIG editorconfig-checker 279 279 0 3.56s
❌ JAVASCRIPT eslint 4 4 0 2.32s
❌ JAVASCRIPT prettier 4 4 0 1.26s
❌ JSON jsonlint 32 2 0 4.52s
❌ JSON npm-package-json-lint yes 1 no 0.48s
❌ JSON prettier 32 32 0 9.5s
❌ JSON v8r 32 1 0 68.2s
❌ MARKDOWN markdownlint 43 429 0 29.72s
❌ MARKDOWN markdown-table-formatter 43 12 0 11.84s
❌ POWERSHELL powershell 3 3 0 3.16s
❌ POWERSHELL powershell_formatter 3 3 0 2.8s
βœ… PYTHON bandit 5 0 0 3.37s
❌ PYTHON flake8 5 5 0 1.64s
βœ… PYTHON isort 5 0 0 1.2s
❌ PYTHON mypy 5 11 0 6.7s
❌ PYTHON pylint 5 11 0 11.11s
βœ… PYTHON pyright 5 0 0 9.28s
❌ PYTHON ruff 5 26 0 0.42s
βœ… PYTHON ruff-format 5 0 0 0.06s
❌ REPOSITORY checkov yes 12 no 24.04s
βœ… REPOSITORY dustilock yes no no 0.28s
❌ REPOSITORY gitleaks yes 1 no 0.02s
βœ… REPOSITORY git_diff yes no no 0.02s
❌ REPOSITORY grype yes 3 no 64.01s
❌ REPOSITORY kics yes 92 no 53.22s
βœ… REPOSITORY kingfisher yes no no 5.98s
❌ REPOSITORY secretlint yes 1 no 1.75s
❌ REPOSITORY syft yes 1 no 0.09s
❌ REPOSITORY trivy yes 1 no 10.71s
βœ… REPOSITORY trivy-sbom yes no no 6.76s
❌ REPOSITORY trufflehog yes 1 no 3.96s
❌ SPELL cspell 279 279 0 320.23s
❌ SPELL lychee 173 173 0 56.64s
❌ SPELL proselint 44 92 0 108.49s
❌ SPELL vale 43 15 434 25.07s
❌ TERRAFORM terragrunt 1 1 0 0.09s
βœ… XML xmllint 5 0 0 0.32s
❌ YAML prettier 97 97 0 24.26s
❌ YAML v8r 97 4 0 184.31s
❌ YAML yamllint 97 185 0 19.55s

Detailed Issues

❌ ACTION / actionlint - 16 errors 
86:info:13:36: Double quote to prevent globbing and word splitting [shellcheck] | 67 | run: | | ^~~~ .github/workflows/publish.yml:155:9: shellcheck reported issue in this script: SC2086:info:5:46: Double quote to prevent globbing and word splitting [shellcheck] | 155 | run: | | ^~~~ βœ… [SUCCESS] .github/workflows/release-notes.yml βœ… [SUCCESS] .github/workflows/sanity.yml βœ… [SUCCESS] .github/workflows/secrets-scan.yml βœ… [SUCCESS] .github/workflows/semantic-release.yml βœ… [SUCCESS] .github/workflows/test-examples.yml ❌ [ERROR] .github/workflows/test-unified.yml .github/workflows/test-unified.yml:163:9: shellcheck reported issue in this script: SC2086:info:6:22: Double quote to prevent globbing and word splitting [shellcheck] | 163 | run: | | ^~~~ βœ… [SUCCESS] .github/workflows/trivy-scan.yml βœ… [SUCCESS] .github/workflows/validate-changelog.yml βœ… [SUCCESS] .github/workflows/validate-copilot-setup.yml (Truncated to last 1025 characters out of 4996)
❌ ANSIBLE / ansible-lint - 214 errors 
ot-notation': (48, 'production'), 'sanity': (49, 'production'), 'fqcn': (50, 'production'), 'import-task-no-when': (51, 'production'), 'meta-no-dependencies': (52, 'production'), 'single-entry-point': (53, 'production'), 'use-loop': (54, 'production')}[/] # Rule Violation Summary 1 load-failure profile:min tags:core,unskippable 4 yaml profile:min tags:formatting,yaml 209 yaml profile:min tags:formatting,yaml Failed: 214 failure(s), 0 warning(s) in 36 files processed of 142 encountered. yaml[trailing-spaces]: Trailing spaces .github/workflows/validate-copilot-setup.yml:298 yaml[trailing-spaces]: Trailing spaces .github/workflows/validate-copilot-setup.yml:302 yaml[trailing-spaces]: Trailing spaces .github/workflows/validate-copilot-setup.yml:306 load-failure[runtimeerror]: ('Failed to load YAML file', PosixPath('mkdocs.yml')) (warning) mkdocs.yml:1 could not determine a constructor for the tag 'tag:yaml.org,2002:python/name:material.extensions.emoji.twemoji' in "<unicode string>", line 89, column 20 (Truncated to last 1025 characters out of 68275)
❌ CLOUDFORMATION / cfn-lint - 1 error 
scriptors/cloudformation_cfn_lint/ ----------------------------------------------- ❌ [ERROR] config/.cfnlintrc.yml E1001 'Resources' is a required property config/.cfnlintrc.yml:2:1 E1001 Additional properties are not allowed ('regions' was unexpected) config/.cfnlintrc.yml:2:1 E1001 Additional properties are not allowed ('include-checks' was unexpected) config/.cfnlintrc.yml:7:1 E1001 Additional properties are not allowed ('ignore-checks' was unexpected) config/.cfnlintrc.yml:12:1 E1001 Additional properties are not allowed ('templates' was unexpected) config/.cfnlintrc.yml:17:1 E1001 Additional properties are not allowed ('transform' was unexpected. Did you mean 'Transform'?) config/.cfnlintrc.yml:24:1 E1001 Additional properties are not allowed ('custom-rules' was unexpected) config/.cfnlintrc.yml:28:1 E1001 Additional properties are not allowed ('ignore-templates' was unexpected) config/.cfnlintrc.yml:32:1 (Truncated to last 1025 characters out of 1120)
❌ REPOSITORY / checkov - 12 errors 
ter-fix.yml:9-19	9 | apply-fixes:	10 | description: "Apply auto-fixes (all formatters and linters)"	11 | required: false	12 | default: "all"	13 | type: choice	14 | options:	15 | - all	16 | - none	17 |	18 | permissions:	19 | contents: write Check: CKV2_GHA_1: "Ensure top-level permissions are not set to write-all"	FAILED for resource: on(πŸ€– Semantic Release)	File: /.github/workflows/semantic-release.yml:17-18 Check: CKV2_GHA_1: "Ensure top-level permissions are not set to write-all"	FAILED for resource: on(πŸ“ Create GitHub Release)	File: /.github/workflows/release-notes.yml:15-16 Check: CKV2_GHA_1: "Ensure top-level permissions are not set to write-all"	FAILED for resource: on(πŸ”Ό Bump UBI Version)	File: /.github/workflows/bump-version.yml:23-24 Check: CKV2_GHA_1: "Ensure top-level permissions are not set to write-all"	FAILED for resource: on(Validate CHANGELOG)	File: /.github/workflows/validate-changelog.yml:20-21 (Truncated to last 1025 characters out of 17705)
❌ CLOJURE / clj-kondo - 1 error 
Results of clj-kondo linter (version 2026.01.19) See documentation on https://megalinter.io/9.4.0/descriptors/clojure_clj_kondo/ ----------------------------------------------- ❌ [ERROR] config/.clj-kondo/config.edn config/.clj-kondo/config.edn:12:3: warning: Unexpected linter name: :keyword-naming config/.clj-kondo/config.edn:13:3: warning: Unexpected linter name: :fn-arity config/.clj-kondo/config.edn:16:3: warning: Unexpected linter name: :wrong-arity config/.clj-kondo/config.edn:17:3: warning: Unexpected linter name: :macroexpand linting took 14ms, errors: 0, warnings: 4
❌ SPELL / cspell - 279 errors 
.cspell.config.mjs" Cannot find package 'cspell' imported from config/.cspell.config.mjs Did you mean to import "cspell/dist/cjs/commonJsApi.cjs"? ------------------------------------------- CSpell: Files checked: 0, Issues found: 0 in 0 files with 1 error. ❌ [ERROR] variants/node/Dockerfile Configuration Error: Failed to read config file: "config/.cspell.config.mjs" Cannot find package 'cspell' imported from config/.cspell.config.mjs Did you mean to import "cspell/dist/cjs/commonJsApi.cjs"? ------------------------------------------- CSpell: Files checked: 0, Issues found: 0 in 0 files with 1 error. ❌ [ERROR] variants/python/Dockerfile Configuration Error: Failed to read config file: "config/.cspell.config.mjs" Cannot find package 'cspell' imported from config/.cspell.config.mjs Did you mean to import "cspell/dist/cjs/commonJsApi.cjs"? ------------------------------------------- CSpell: Files checked: 0, Issues found: 0 in 0 files with 1 error. (Truncated to last 1025 characters out of 105164)
❌ EDITORCONFIG / editorconfig-checker - 279 errors 
The default configuration file name `.ecrc` is deprecated. Use `.editorconfig-checker.json` instead. You can simply rename it json: cannot unmarshal bool into Go struct field Config.Disable of type config.DisabledChecks ❌ [ERROR] variants/minimal/Dockerfile The default configuration file name `.ecrc` is deprecated. Use `.editorconfig-checker.json` instead. You can simply rename it json: cannot unmarshal bool into Go struct field Config.Disable of type config.DisabledChecks ❌ [ERROR] variants/node/Dockerfile The default configuration file name `.ecrc` is deprecated. Use `.editorconfig-checker.json` instead. You can simply rename it json: cannot unmarshal bool into Go struct field Config.Disable of type config.DisabledChecks ❌ [ERROR] variants/python/Dockerfile The default configuration file name `.ecrc` is deprecated. Use `.editorconfig-checker.json` instead. You can simply rename it json: cannot unmarshal bool into Go struct field Config.Disable of type config.DisabledChecks (Truncated to last 1025 characters out of 74788)
❌ JAVASCRIPT / eslint - 4 errors 
tsx}"], -------------------^ 26 | languageOptions: { 27 | parser: tsparser, at generateError (/node-deps/node_modules/js-yaml/lib/loader.js:199:10) at throwError (/node-deps/node_modules/js-yaml/lib/loader.js:203:9) at readDocument (/node-deps/node_modules/js-yaml/lib/loader.js:1651:5) at loadDocuments (/node-deps/node_modules/js-yaml/lib/loader.js:1694:5) at Object.load (/node-deps/node_modules/js-yaml/lib/loader.js:1720:19) at loadLegacyConfigFile (/node-deps/node_modules/@eslint/eslintrc/dist/eslintrc.cjs:2565:21) at loadConfigFile (/node-deps/node_modules/@eslint/eslintrc/dist/eslintrc.cjs:2680:20) at ConfigArrayFactory._loadConfigData (/node-deps/node_modules/@eslint/eslintrc/dist/eslintrc.cjs:2984:42) at ConfigArrayFactory.loadFile (/node-deps/node_modules/@eslint/eslintrc/dist/eslintrc.cjs:2850:40) at createCLIConfigArray (/node-deps/node_modules/@eslint/eslintrc/dist/eslintrc.cjs:3660:35) (Truncated to last 1025 characters out of 5723)
❌ PYTHON / flake8 - 5 errors 
Results of flake8 linter (version 7.3.0) See documentation on https://megalinter.io/9.4.0/descriptors/python_flake8/ ----------------------------------------------- βœ… [SUCCESS] examples/polyglot/python/processor/__init__.py βœ… [SUCCESS] examples/polyglot/python/processor/main.py ❌ [ERROR] examples/polyglot/python/processor/utils.py examples/polyglot/python/processor/utils.py:25:17: F541 f-string is missing placeholders examples/polyglot/python/processor/utils.py:26:17: F541 f-string is missing placeholders examples/polyglot/python/processor/utils.py:32:21: F541 f-string is missing placeholders βœ… [SUCCESS] examples/python-cli/greet_cli/__init__.py ❌ [ERROR] examples/python-cli/greet_cli/cli.py examples/python-cli/greet_cli/cli.py:13:1: F401 'pathlib.Path' imported but unused examples/python-cli/greet_cli/cli.py:14:1: F401 'typing.Optional' imported but unused
❌ REPOSITORY / gitleaks - 1 error 
β—‹ β”‚β•² β”‚ β—‹ β—‹ β–‘ β–‘ gitleaks 9:47AM FTL Failed to load config error="[[allowlists]] must contain at least one check for: commits, paths, regexes, or stopwords"
❌ REPOSITORY / grype - 3 errors 
[0000] WARN no explicit name and version provided for directory source, deriving artifact ID from the given path (which is not ideal) from=syft NAME INSTALLED FIXED IN TYPE VULNERABILITY SEVERITY EPSS RISK qs 6.14.0 6.14.1 npm GHSA-6rw7-vpxm-498p Medium 0.2% (40th) < 0.1 urllib3 2.6.2 2.6.3 python GHSA-38jv-5279-wg99 High < 0.1% (6th) < 0.1 qs 6.14.0 6.14.2 npm GHSA-w7fw-mjwx-w883 Low < 0.1% (11th) < 0.1 [0063] ERROR discovered vulnerabilities at or above the severity threshold
❌ DOCKERFILE / hadolint - 5 errors 
ckerfile:198 DL3042 warning: Avoid use of cache directory with pip. Use `pip install --no-cache-dir <package>` variants/python/Dockerfile:206 DL3049 info: Label `org.opencontainers.image.description` is missing. variants/python/Dockerfile:206 DL3049 info: Label `org.opencontainers.image.vendor` is missing. variants/python/Dockerfile:206 DL3049 info: Label `org.opencontainers.image.licenses` is missing. variants/python/Dockerfile:206 DL3049 info: Label `org.opencontainers.image.url` is missing. variants/python/Dockerfile:206 DL3049 info: Label `org.opencontainers.image.documentation` is missing. variants/python/Dockerfile:206 DL3049 info: Label `org.opencontainers.image.version` is missing. variants/python/Dockerfile:206 DL3049 info: Label `org.opencontainers.image.title` is missing. variants/python/Dockerfile:206 DL3049 info: Label `org.opencontainers.image.authors` is missing. variants/python/Dockerfile:206 DL3049 info: Label `org.opencontainers.image.sources` is missing. (Truncated to last 1025 characters out of 21223)
❌ COPYPASTE / jscpd - 58 errors 
────┼──────────────────── β”‚ url β”‚ 1 β”‚ 13 β”‚ 62 β”‚ 0 β”‚ 0 (0%) β”‚ 0 (0%) β”‚ β”œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€ β”‚ Total: β”‚ 206 β”‚ 24187 β”‚ 151808 β”‚ 58 β”‚ 1775 (7.34%) β”‚ 11500 (7.58%) β”‚ β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”΄β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”΄β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”΄β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”΄β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”΄β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”΄β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ Found 58 clones. HTML report saved to reports/megalinter/copy-paste/html/ ERROR: jscpd found too many duplicates (7.34%) over threshold (0%) Error: ERROR: jscpd found too many duplicates (7.34%) over threshold (0%) at ThresholdReporter.report (/node-deps/node_modules/@jscpd/finder/dist/index.js:615:13) at /node-deps/node_modules/@jscpd/finder/dist/index.js:109:18 at Array.forEach (<anonymous>) at /node-deps/node_modules/@jscpd/finder/dist/index.js:108:22 at async /node-deps/node_modules/jscpd/dist/bin/jscpd.js:9:5 (Truncated to last 1025 characters out of 11967)
❌ JSON / jsonlint - 2 errors 
[SUCCESS] config/.flow-scanner.json βœ… [SUCCESS] config/.groovylintrc.json βœ… [SUCCESS] config/.jscpd.json βœ… [SUCCESS] config/.kics.config.json βœ… [SUCCESS] config/.markdown-link-check.json βœ… [SUCCESS] config/.markdownlint.json βœ… [SUCCESS] config/.npmpackagejsonlintrc.json βœ… [SUCCESS] config/.remarkrc.json βœ… [SUCCESS] config/.secretlintrc.json βœ… [SUCCESS] config/.stylelintrc.json βœ… [SUCCESS] config/.tsqllintrc.json βœ… [SUCCESS] config/META6.json βœ… [SUCCESS] config/pyrightconfig.json βœ… [SUCCESS] config/styles/proselint/meta.json βœ… [SUCCESS] config/styles/write-good/meta.json βœ… [SUCCESS] examples/node-express/.devcontainer/devcontainer.json βœ… [SUCCESS] examples/node-express/package-lock.json βœ… [SUCCESS] examples/node-express/package.json βœ… [SUCCESS] examples/polyglot/.devcontainer/devcontainer.json βœ… [SUCCESS] examples/polyglot/node/package-lock.json βœ… [SUCCESS] examples/polyglot/node/package.json βœ… [SUCCESS] examples/python-cli/.devcontainer/devcontainer.json βœ… [SUCCESS] package-lock.json βœ… [SUCCESS] package.json (Truncated to last 1025 characters out of 1799)
❌ REPOSITORY / kics - 92 errors 
-dev libncursesw5-dev libxml2-dev	178: Missing User Instruction, Severity: HIGH, Results: 5 Description: Always set a user in the runtime stage of your Dockerfile. Without it, the container defaults to root, even if earlier build stages define a user. Platform: Dockerfile CWE: 250 Risk Score: 7.7 Learn more about this vulnerability: https://docs.kics.io/latest/queries/dockerfile-queries/fd54f200-402c-4333-a5a4-36ef6709af2f	[1]: variants/node/Dockerfile:184	183:	184: FROM node-tools AS final	185:	[2]: variants/full/Dockerfile:253	252:	253: FROM node-tools AS final	254:	[3]: variants/minimal/Dockerfile:150	149:	150: FROM environment AS final	151:	[4]: variants/python/Dockerfile:206	205:	206: FROM python-tools AS final	207:	[5]: .devcontainer/Dockerfile:260	259:	260: FROM nix-setup AS final	261: Results Summary: CRITICAL: 0 HIGH: 5 MEDIUM: 41 LOW: 46 INFO: 0 TOTAL: 92 A new version 'v2.1.20' of KICS is available, please consider updating (Truncated to last 1025 characters out of 26441)
❌ SPELL / lychee - 173 errors 
irectory (os error 2) ❌ [ERROR] tests/goss/goss-full.yaml Error: Cannot write status output to file Caused by: No such file or directory (os error 2) ❌ [ERROR] tests/goss/goss-minimal.yaml Error: Cannot write status output to file Caused by: No such file or directory (os error 2) ❌ [ERROR] tests/goss/goss-node.yaml Error: Cannot write status output to file Caused by: No such file or directory (os error 2) ❌ [ERROR] tests/goss/goss-python.yaml Error: Cannot write status output to file Caused by: No such file or directory (os error 2) ❌ [ERROR] tests/goss/goss.yaml Error: Cannot write status output to file Caused by: No such file or directory (os error 2) ❌ [ERROR] variants/README.md [EXCLUDED] file://CONTRIBUTING.md [EXCLUDED] file://README.md [EXCLUDED] file://docs/variants.md Error: Cannot write status output to file Caused by: No such file or directory (os error 2) (Truncated to last 1025 characters out of 106283)
❌ MARKDOWN / markdown-table-formatter - 12 errors 
.md βœ… [SUCCESS] docs/examples/README.md βœ… [SUCCESS] docs/getting-started/installation.md βœ… [SUCCESS] docs/getting-started/quick-start.md βœ… [SUCCESS] docs/index.md βœ… [SUCCESS] docs/license.md ❌ [ERROR] docs/release-process.md 1 files contain markdown tables to format: - docs/release-process.md ❌ [ERROR] docs/security-overview.md 1 files contain markdown tables to format: - docs/security-overview.md βœ… [SUCCESS] docs/security/README.md βœ… [SUCCESS] docs/security/privileged-mode.md ❌ [ERROR] docs/source-of-truth.md 1 files contain markdown tables to format: - docs/source-of-truth.md βœ… [SUCCESS] docs/troubleshooting.md ❌ [ERROR] docs/variants.md 1 files contain markdown tables to format: - docs/variants.md βœ… [SUCCESS] examples/README.md βœ… [SUCCESS] examples/node-express/README.md βœ… [SUCCESS] examples/polyglot/README.md βœ… [SUCCESS] examples/python-cli/README.md βœ… [SUCCESS] metrics/README.md βœ… [SUCCESS] tests/README.md βœ… [SUCCESS] tests/goss/README.md βœ… [SUCCESS] variants/README.md (Truncated to last 1025 characters out of 2700)
❌ MARKDOWN / markdownlint - 429 errors 
code blocks should have a language specified [Context: "```"] ❌ [ERROR] metrics/README.md metrics/README.md:151:121 error MD013/line-length Line length [Expected: 120; Actual: 140] ❌ [ERROR] tests/README.md tests/README.md:17 error MD040/fenced-code-language Fenced code blocks should have a language specified [Context: "```"] tests/README.md:56:121 error MD013/line-length Line length [Expected: 120; Actual: 132] tests/README.md:153:25 error MD050/strong-style Strong style [Expected: asterisk; Actual: underscore] tests/README.md:153:34 error MD050/strong-style Strong style [Expected: asterisk; Actual: underscore] ❌ [ERROR] tests/goss/README.md tests/goss/README.md:3:121 error MD013/line-length Line length [Expected: 120; Actual: 140] tests/goss/README.md:7:121 error MD013/line-length Line length [Expected: 120; Actual: 137] ❌ [ERROR] variants/README.md variants/README.md:7 error MD040/fenced-code-language Fenced code blocks should have a language specified [Context: "```"] (Truncated to last 1025 characters out of 60484)
❌ PYTHON / mypy - 11 errors 
et_cli/cli.py:16:1: note: See https://mypy.readthedocs.io/en/stable/running_mypy.html#missing-imports examples/python-cli/greet_cli/cli.py:19:2: error: Untyped decorator makes function "main" untyped [untyped-decorator] @click.command() ^~~~~~~~~~~~~~~ examples/python-cli/greet_cli/cli.py:20:2: error: Untyped decorator makes function "main" untyped [untyped-decorator] @click.option( ^~~~~~~~~~~~~ examples/python-cli/greet_cli/cli.py:27:2: error: Untyped decorator makes function "main" untyped [untyped-decorator] @click.option( ^~~~~~~~~~~~~ examples/python-cli/greet_cli/cli.py:34:2: error: Untyped decorator makes function "main" untyped [untyped-decorator] @click.option( ^~~~~~~~~~~~~ examples/python-cli/greet_cli/cli.py:40:2: error: Untyped decorator makes function "main" untyped [untyped-decorator] @click.option( ^~~~~~~~~~~~~ Found 6 errors in 1 file (checked 1 source file) (Truncated to last 1025 characters out of 2753)
❌ JSON / npm-package-json-lint - 1 error 
cli:	Configuration for rule "name-format" is invalid:	- severity must be a string.	- severity must be either "off", "warning", or "error".
❌ POWERSHELL / powershell - 3 errors 
Results of powershell linter (version 7.5.4) See documentation on https://megalinter.io/9.4.0/descriptors/powershell_powershell/ ----------------------------------------------- ❌ [ERROR] config/.arm-ttk.psd1 Invoke-ScriptAnalyzer: powershellversion is not a valid key in the settings hashtable. Valid keys are CustomRulePath, ExcludeRules, IncludeRules, IncludeDefaultRules, RecurseCustomRulePath, Rules and Severity. ❌ [ERROR] config/.powershell-formatter.psd1 Invoke-ScriptAnalyzer: Value System.Collections.Generic.Dictionary`2[System.String,System.Object] for key severity has the wrong data type. ❌ [ERROR] config/.powershell-psscriptanalyzer.psd1 Invoke-ScriptAnalyzer: rootmodule is not a valid key in the settings hashtable. Valid keys are CustomRulePath, ExcludeRules, IncludeRules, IncludeDefaultRules, RecurseCustomRulePath, Rules and Severity.
❌ POWERSHELL / powershell_formatter - 3 errors 
Results of powershell_formatter linter (version 7.5.4) See documentation on https://megalinter.io/9.4.0/descriptors/powershell_powershell_formatter/ ----------------------------------------------- ❌ [ERROR] config/.arm-ttk.psd1 Invoke-Formatter: useconstantstrings is not a valid key in the settings hashtable. Valid keys are CustomRulePath, ExcludeRules, IncludeRules, IncludeDefaultRules, RecurseCustomRulePath, Rules and Severity. ❌ [ERROR] config/.powershell-formatter.psd1 Invoke-Formatter: indentationtype is not a valid key in the settings hashtable. Valid keys are CustomRulePath, ExcludeRules, IncludeRules, IncludeDefaultRules, RecurseCustomRulePath, Rules and Severity. ❌ [ERROR] config/.powershell-psscriptanalyzer.psd1 Invoke-Formatter: pipelineindentation is not a valid key in the settings hashtable. Valid keys are CustomRulePath, ExcludeRules, IncludeRules, IncludeDefaultRules, RecurseCustomRulePath, Rules and Severity.
❌ JAVASCRIPT / prettier - 4 errors 
Results of prettier linter (version 3.8.1) See documentation on https://megalinter.io/9.4.0/descriptors/javascript_prettier/ ----------------------------------------------- ❌ [ERROR] examples/node-express/src/app.js Checking formatting... [error] Cannot find package 'prettier-plugin-sh' imported from noop.js ❌ [ERROR] examples/node-express/src/server.js Checking formatting... [error] Cannot find package 'prettier-plugin-sh' imported from noop.js ❌ [ERROR] examples/polyglot/node/src/app.js Checking formatting... [error] Cannot find package 'prettier-plugin-sh' imported from noop.js ❌ [ERROR] examples/polyglot/node/src/server.js Checking formatting... [error] Cannot find package 'prettier-plugin-sh' imported from noop.js
❌ JSON / prettier - 32 errors 
xamples/node-express/package.json Checking formatting... [error] Cannot find package 'prettier-plugin-sh' imported from noop.js ❌ [ERROR] examples/polyglot/.devcontainer/devcontainer.json Checking formatting... [error] Cannot find package 'prettier-plugin-sh' imported from noop.js ❌ [ERROR] examples/polyglot/node/package-lock.json Checking formatting... [error] Cannot find package 'prettier-plugin-sh' imported from noop.js ❌ [ERROR] examples/polyglot/node/package.json Checking formatting... [error] Cannot find package 'prettier-plugin-sh' imported from noop.js ❌ [ERROR] examples/python-cli/.devcontainer/devcontainer.json Checking formatting... [error] Cannot find package 'prettier-plugin-sh' imported from noop.js ❌ [ERROR] package-lock.json Checking formatting... [error] Cannot find package 'prettier-plugin-sh' imported from noop.js ❌ [ERROR] package.json Checking formatting... [error] Cannot find package 'prettier-plugin-sh' imported from noop.js (Truncated to last 1025 characters out of 4712)
❌ YAML / prettier - 97 errors 
[error] Cannot find package 'prettier-plugin-sh' imported from noop.js ❌ [ERROR] tasks/tools.yml Checking formatting... [error] Cannot find package 'prettier-plugin-sh' imported from noop.js ❌ [ERROR] tasks/utils.yml Checking formatting... [error] Cannot find package 'prettier-plugin-sh' imported from noop.js ❌ [ERROR] tests/goss/goss-full.yaml Checking formatting... [error] Cannot find package 'prettier-plugin-sh' imported from noop.js ❌ [ERROR] tests/goss/goss-minimal.yaml Checking formatting... [error] Cannot find package 'prettier-plugin-sh' imported from noop.js ❌ [ERROR] tests/goss/goss-node.yaml Checking formatting... [error] Cannot find package 'prettier-plugin-sh' imported from noop.js ❌ [ERROR] tests/goss/goss-python.yaml Checking formatting... [error] Cannot find package 'prettier-plugin-sh' imported from noop.js ❌ [ERROR] tests/goss/goss.yaml Checking formatting... [error] Cannot find package 'prettier-plugin-sh' imported from noop.js (Truncated to last 1025 characters out of 14169)
❌ SPELL / proselint - 92 errors 
ariants.md ❌ [ERROR] examples/README.md examples/README.md:65:15: lexical_illusions.misc There's a lexical illusion here: a word is repeated. βœ… [SUCCESS] examples/node-express/README.md βœ… [SUCCESS] examples/polyglot/README.md βœ… [SUCCESS] examples/polyglot/python/requirements.txt ❌ [ERROR] examples/python-cli/README.md examples/python-cli/README.md:24:22: leonard.exclamation.30ppm More than 30 ppm of exclamations. Keep them under control. βœ… [SUCCESS] metrics/README.md ❌ [ERROR] tests/README.md tests/README.md:235:25: typography.symbols.ellipsis '...' is an approximation, use the ellipsis symbol '…'. tests/README.md:240:31: typography.symbols.curly_quotes Use curly quotes β€œβ€, not straight quotes "". Found 6 times elsewhere. tests/README.md:246:23: typography.symbols.curly_quotes Use curly quotes β€œβ€, not straight quotes "". tests/README.md:250:24: typography.symbols.curly_quotes Use curly quotes β€œβ€, not straight quotes "". βœ… [SUCCESS] tests/goss/README.md βœ… [SUCCESS] variants/README.md (Truncated to last 1025 characters out of 12387)
❌ PYTHON / pylint - 11 errors 
0: No value for argument 'show_env' in function call (no-value-for-parameter) βœ… [SUCCESS] examples/polyglot/python/processor/utils.py βœ… [SUCCESS] examples/python-cli/greet_cli/__init__.py ❌ [ERROR] examples/python-cli/greet_cli/cli.py ************* Module config/.pylintrc config/.pylintrc:1:0: E0015: Unrecognized option found: suggestion-mode (unrecognized-option) ************* Module greet_cli.cli examples/python-cli/greet_cli/cli.py:16:0: E0401: Unable to import 'click' (import-error) examples/python-cli/greet_cli/cli.py:128:4: E1120: No value for argument 'name' in function call (no-value-for-parameter) examples/python-cli/greet_cli/cli.py:128:4: E1120: No value for argument 'greeting' in function call (no-value-for-parameter) examples/python-cli/greet_cli/cli.py:128:4: E1120: No value for argument 'excited' in function call (no-value-for-parameter) examples/python-cli/greet_cli/cli.py:128:4: E1120: No value for argument 'show_env' in function call (no-value-for-parameter) (Truncated to last 1025 characters out of 1913)
❌ PYTHON / ruff - 26 errors 
_.py ❌ [ERROR] examples/python-cli/greet_cli/cli.py warning: The top-level linter settings are deprecated in favour of their counterparts in the `lint` section. Please update the following options in `examples/python-cli/pyproject.toml`: - 'ignore' -> 'lint.ignore' - 'select' -> 'lint.select' F401 [*] `pathlib.Path` imported but unused --> examples/python-cli/greet_cli/cli.py:13:21 | 11 | import os 12 | import sys 13 | from pathlib import Path | ^^^^ 14 | from typing import Optional | help: Remove unused import: `pathlib.Path` F401 [*] `typing.Optional` imported but unused --> examples/python-cli/greet_cli/cli.py:14:20 | 12 | import sys 13 | from pathlib import Path 14 | from typing import Optional | ^^^^^^^^ 15 | 16 | import click | help: Remove unused import: `typing.Optional` Found 2 errors. [*] 2 fixable with the `--fix` option. (Truncated to last 1025 characters out of 11418)
❌ REPOSITORY / secretlint - 1 error 
ecretlint's rule module: "@secretlint/secretlint-rule-pattern" is not found. cwd: /github/workspace baseDir: at SecretLintModuleResolver.resolveRulePackageName (file:///node-deps/node_modules/@secretlint/config-loader/module/SecretLintModuleResolver.js:53:19) at loadPackagesFromConfigDescriptor (file:///node-deps/node_modules/@secretlint/config-loader/module/index.js:52:79) at async loadConfig (file:///node-deps/node_modules/@secretlint/config-loader/module/index.js:138:30) at async file:///node-deps/node_modules/@secretlint/node/module/index.js:109:34 at async createEngine (file:///node-deps/node_modules/@secretlint/node/module/index.js:102:26) at async lintFileOrText (file:///node-deps/node_modules/secretlint/module/index.js:5:20) at async runSecretLint (file:///node-deps/node_modules/secretlint/module/index.js:31:28) at async file:///node-deps/node_modules/secretlint/bin/secretlint.js:15:44 } ] } (Truncated to last 1025 characters out of 25231)
❌ BASH / shellcheck - 9 errors 
(info): This function is never invoked. Check usage (or ignored if invoked indirectly). For more information: https://www.shellcheck.net/wiki/SC2329 -- This function is never invoked. C... ❌ [ERROR] tests/negative/test-restrictions.sh In tests/negative/test-restrictions.sh line 27: command_not_exists() { ^-- SC2329 (info): This function is never invoked. Check usage (or ignored if invoked indirectly). For more information: https://www.shellcheck.net/wiki/SC2329 -- This function is never invoked. C... βœ… [SUCCESS] tests/unit/test-tasks-lint.sh βœ… [SUCCESS] tests/unit/test-tasks-tools.sh βœ… [SUCCESS] tests/unit/test-tasks-utils.sh ❌ [ERROR] tests/validate-semantic-release.sh In tests/validate-semantic-release.sh line 30: file_exists() { ^-- SC2329 (info): This function is never invoked. Check usage (or ignored if invoked indirectly). For more information: https://www.shellcheck.net/wiki/SC2329 -- This function is never invoked. C... (Truncated to last 1025 characters out of 3603)
❌ BASH / shfmt - 15 errors 
nd works" echo "test" | wc -l >/dev/null echo "" echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━" ❌ [ERROR] tests/validate-semantic-release.sh diff tests/validate-semantic-release.sh.orig tests/validate-semantic-release.sh --- tests/validate-semantic-release.sh.orig +++ tests/validate-semantic-release.sh @@ -17,7 +17,7 @@ check() { local test_name="$1" shift - + if "$@" &>/dev/null; then echo "βœ… $test_name" else @@ -78,11 +78,11 @@ echo "βœ… Node.js available: $(node --version)" if command_exists npm; then echo "βœ… npm available: $(npm --version)" - + # Check if dependencies are installed if [[ -d "node_modules" ]]; then echo "βœ… node_modules directory exists" - + # Check if semantic-release binary exists if [[ -f "node_modules/.bin/semantic-release" ]]; then echo "βœ… semantic-release binary installed" (Truncated to last 1025 characters out of 16986)
❌ REPOSITORY / syft - 1 error 
[0000] ERROR invalid application config: decoding failed due to the following error(s): 'catalogers[0]' expected type 'string', got unconvertible type 'map[string]interface {}'
❌ TERRAFORM / terragrunt - 1 error 
Results of terragrunt linter (version 0.99.4) See documentation on https://megalinter.io/9.4.0/descriptors/terraform_terragrunt/ ----------------------------------------------- ❌ [ERROR] config/terragrunt.hcl 09:47:05.409 ERROR flag `--config` is not a valid flag for `format`. Did you mean to use `run --config`?
❌ REPOSITORY / trivy - 1 error 
root' user can lead to a container escape situation. It is a best practice to run containers as non-root users, which can be done by adding a 'USER' statement to the Dockerfile. See https://avd.aquasec.com/misconfig/ds-0002 ──────────────────────────────────────── variants/python/Dockerfile (dockerfile) ======================================= Tests: 24 (SUCCESSES: 23, FAILURES: 1) Failures: 1 (MEDIUM: 0, HIGH: 1, CRITICAL: 0) DS-0002 (HIGH): Specify at least 1 USER command in Dockerfile with non-root user as argument ════════════════════════════════════════ Running containers with 'root' user can lead to a container escape situation. It is a best practice to run containers as non-root users, which can be done by adding a 'USER' statement to the Dockerfile. See https://avd.aquasec.com/misconfig/ds-0002 ──────────────────────────────────────── πŸ“£ Notices: - Version 0.69.3 of Trivy is now available, current version is 0.69.1 To suppress version checks, run Trivy scans with the --skip-version-check flag (Truncated to last 1025 characters out of 12274)
❌ REPOSITORY / trufflehog - 1 error 
2026-03-09T09:45:16Z	error	trufflehog	error parsing the provided configuration file	{"error": "proto: (line 1:2): unknown field \"branch\""}
❌ JSON / v8r - 1 error 
OT have additional properties, found additional property 'noTabCharacter' βœ… [SUCCESS] config/.jscpd.json βœ… [SUCCESS] config/.kics.config.json βœ… [SUCCESS] config/.markdown-link-check.json βœ… [SUCCESS] config/.markdownlint.json βœ… [SUCCESS] config/.npmpackagejsonlintrc.json βœ… [SUCCESS] config/.remarkrc.json βœ… [SUCCESS] config/.secretlintrc.json βœ… [SUCCESS] config/.stylelintrc.json βœ… [SUCCESS] config/.tsqllintrc.json βœ… [SUCCESS] config/META6.json βœ… [SUCCESS] config/pyrightconfig.json βœ… [SUCCESS] config/styles/proselint/meta.json βœ… [SUCCESS] config/styles/write-good/meta.json βœ… [SUCCESS] examples/node-express/.devcontainer/devcontainer.json βœ… [SUCCESS] examples/node-express/package-lock.json βœ… [SUCCESS] examples/node-express/package.json βœ… [SUCCESS] examples/polyglot/.devcontainer/devcontainer.json βœ… [SUCCESS] examples/polyglot/node/package-lock.json βœ… [SUCCESS] examples/polyglot/node/package.json βœ… [SUCCESS] examples/python-cli/.devcontainer/devcontainer.json βœ… [SUCCESS] package-lock.json βœ… [SUCCESS] package.json (Truncated to last 1025 characters out of 6520)
❌ YAML / v8r - 4 errors 
sible.json#/$defs/tasks ... βœ– tasks/tools.yml is invalid tasks/tools.yml# must NOT have additional properties, found additional property 'version' tasks/tools.yml# must NOT have additional properties, found additional property 'tasks' ❌ [ERROR] tasks/utils.yml β„Ή No config file found β„Ή Pre-warming the cache β„Ή Processing tasks/utils.yml β„Ή Found schema in https://www.schemastore.org/api/json/catalog.json ... β„Ή Validating tasks/utils.yml against schema from https://raw.githubusercontent.com/ansible/ansible-lint/main/src/ansiblelint/schemas/ansible.json#/$defs/tasks ... βœ– tasks/utils.yml is invalid tasks/utils.yml# must NOT have additional properties, found additional property 'version' tasks/utils.yml# must NOT have additional properties, found additional property 'tasks' βœ… [SUCCESS] tests/goss/goss-full.yaml βœ… [SUCCESS] tests/goss/goss-minimal.yaml βœ… [SUCCESS] tests/goss/goss-node.yaml βœ… [SUCCESS] tests/goss/goss-python.yaml βœ… [SUCCESS] tests/goss/goss.yaml (Truncated to last 1025 characters out of 6818)
❌ SPELL / vale - 15 errors 
write-good.TooWordy 293:67 suggestion Try to avoid using 'was'. write-good.E-Prime 293:145 suggestion Try to avoid using 'been'. write-good.E-Prime 300:19 warning 'validate' is too wordy. write-good.TooWordy 300:45 warning 'is lost' may be passive write-good.Passive voice. Use active voice if you can. 300:45 suggestion Try to avoid using 'is'. write-good.E-Prime βœ– 1 error, 27 warnings and 26 suggestions in 1 file. βœ… [SUCCESS] docs/source-of-truth.md βœ… [SUCCESS] docs/troubleshooting.md βœ… [SUCCESS] docs/variants.md βœ… [SUCCESS] examples/README.md βœ… [SUCCESS] examples/node-express/README.md βœ… [SUCCESS] examples/polyglot/README.md βœ… [SUCCESS] examples/python-cli/README.md βœ… [SUCCESS] metrics/README.md βœ… [SUCCESS] tests/README.md βœ… [SUCCESS] tests/goss/README.md βœ… [SUCCESS] variants/README.md (Truncated to last 1025 characters out of 39477)
❌ YAML / yamllint - 185 errors 
config/styles/proselint/Very.yml βœ… [SUCCESS] config/styles/write-good/Cliches.yml βœ… [SUCCESS] config/styles/write-good/E-Prime.yml βœ… [SUCCESS] config/styles/write-good/Illusions.yml βœ… [SUCCESS] config/styles/write-good/Passive.yml βœ… [SUCCESS] config/styles/write-good/So.yml βœ… [SUCCESS] config/styles/write-good/ThereIs.yml βœ… [SUCCESS] config/styles/write-good/TooWordy.yml βœ… [SUCCESS] config/styles/write-good/Weasel.yml βœ… [SUCCESS] config/trivy-sbom.yaml βœ… [SUCCESS] config/trivy.yaml βœ… [SUCCESS] mkdocs.yml ❌ [ERROR] tasks/lint.yml tasks/lint.yml 2:1 warning missing document start "---" (document-start) 184:1 error too many blank lines (3 > 2) (empty-lines) 190:9 warning comment not indented like content (comments-indentation) βœ… [SUCCESS] tasks/tools.yml βœ… [SUCCESS] tasks/utils.yml βœ… [SUCCESS] tests/goss/goss-full.yaml βœ… [SUCCESS] tests/goss/goss-minimal.yaml βœ… [SUCCESS] tests/goss/goss-node.yaml βœ… [SUCCESS] tests/goss/goss-python.yaml βœ… [SUCCESS] tests/goss/goss.yaml (Truncated to last 1025 characters out of 16760)

See detailed reports in MegaLinter artifacts

MegaLinter is graciously provided by OX Security
Show us your support by starring ⭐ the repository
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

0 participants